Another Access Control What we Missed: Review Exploit Defense From AC view

Presented at ToorCon San Diego 16 (2014), Oct. 26, 2014, 3:30 p.m. (20 minutes)

Today, many different approaches are used by Industry to stop 0-day, but attack techniques are rapidly improved. From Ret2Libc to ROP, existing defense solutions have many challenges to stop novel exploit techniques before it’s published. In this talk, we will review the new techniques published by hackers in past 2 years to create powerful exploit even without ROP and rethink the new defense approaches from access control view.

Presenters:

• Tao Wei
  Tao Wei is one co-organizer of the BitBlaze research group. He was an Associate Professor at Peking University and a visiting Project Scientist at UC Berkeley. His research interests include software analysis and system protection, web trust and privacy, programing languages, and mobile security. He and the team published papers at top-tier academic security conferences. He also led the team to win the special recognition award of the Bluehat prize contest 2012 by proposing a high-performance software hardening approach.
• Xiaoning Li
  Xiaoning Li is a security researcher for a Fortune 50 company. For the past 10 years, his work has been focusing on vulnerability research, new exploit development, malware analysis, and reverse engineering.

Similar Presentations:

• DeepSec 2016 „Ten“ / Brace Yourselves - Exploit Automation is Coming!
• DEF CON 27 (2019) / Exploiting Windows Exploit Mitigation for ROP Exploits